On Wed, Nov 22, 2000 at 12:52:58PM +0100, Chemolli Francesco (USI) wrote:
> Yes and no. We _do_ cache NTLM authentication, via an "ignorance is bliss"
> system. Surprisingly enough, it works (but it needs checking).
But does it work? I just sniffed IE5.5 Web surfing via Squid/2.4.DEVEL4-ntlm
with ntml auth. IE was set up to use HTTP/1.1 and indeed I see the likes of:
GET http://url/file.html HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Tue, 17 Feb 1998 23:03:10 GMT; length=104
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
Host: url
Proxy-Connection: Keep-Alive
Proxy-Authorization: NTLMxxxxxxxxxxxxxxxxx=
But Squid replies:
HTTP/1.0 304 Not Modified
1.0! Not 1.1. As such, the TCP session is closed and the next URL requires
another TCP connection - so no credential caching is being done. And indeed,
I see auth traffic to the domain controller for every URL too...
Problem, or have I misconfigured something?
-- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417 -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Nov 22 2000 - 13:12:42 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:32 MST